Information Assurance/Security Policy Engineer IV

Employer
Vencore
Location
Springfield, VA
Posted
Sep 15, 2017
Closes
Sep 18, 2017
Function
Engineer, IT, QA Engineer
Industry
Engineering, Security
Hours
Full Time
Overview: Vencore is a proven provider of information solutions, engineering and analytics for the US Government. With more than 40 years of experience working in the defense, civilian and intelligence communities, Vencore designs, develops and delivers high impact, mission-critical services and solutions to overcome its customers most complex problems. Headquartered in Chantilly, Virginia, Vencore employs 3,800 engineers, analysts, IT specialists and other professionals who strive to be the best at everything they do. Vencore is an AA/EEO Employer - Minorities/Women/Veterans/Disabled Responsibilities: Provides technical and programmatic Information Assurance Services to internal and external customers in support of network and information security systems. Designs, develops and implements security requirements within an organization's business processes. Prepares documentation from information obtained from customer using accepted guidelines such as DITSCAP (DoD Information Technology Security Certification and Accreditation Process). Prepares Security Test and Evaluation plans. Provides certification and accreditation support in the development of security and contingency plans and conducts complex risk and vulnerability assessments. Analyzes policies and procedures against Federal laws and regulations and provides recommendations for closing gaps. Develops and completes system security plans and contingency plans. Recommends system enhancements to improve security deficiencies. Develops, tests and integrates computer and network security tools. Secures system configurations and installs security tools, scans systems in order to determine compliancy and report results and evaluates products and various aspects of system administration. Conducts security program audits and develops solutions to lessen identified risks. Develops strategies to comply with privacy, risk management, and e-authentication requirements. Provides information assurance support for the development and implementation of security architectures to meet new and evolving security requirements. Evaluates, develops and enhances security requirements, policy and tools. Provides assistance in computer incident investigations. Performs vulnerability assessments including development of risk mitigation strategies.Cross Domain Engineering SupportHave specific knowledge of the NGA ECDS program, to include NGAs Certification and Accreditation requirements, consolidation, and Department of Defense Intelligence Information System (DoDIIS) / Combatant Command (COCOM) support efforts.Using this knowledge, support the ECDS Program Management office in the Certification and Accreditation, requirements definition, systems engineering activities, and consolidation of existing systems into the Enterprise solution.Security Engineering performs Cyber Security Engineering and program / project management for Cyber Security infrastructure for the ISP. The engineering staff forms the core of the organization and provides the Government with technical expertise and experience not available in the current government workforce. The staff must be highly skilled Information Assurance, Certification and Accreditation, and Cyber Security Engineering specifically and IT in general, in order to support, requirements analysis, lifecycle systems engineering, systems design, development, integration, transition, and market analysis.The organization manages the PMO for Enterprise Perimeter Defense and the Enterprise Cross Domain System (ECDS) and is instrumental in reviewing Requests for Change (RFCs), Engineering Change Proposals (ECPs) and advising the Government on the technical security merits of proposals as well as ensuring Cyber Security policies and directives are upheld in IT acquisition programs within the National System for Geospatial Intelligence (NSG).Have familiarity with and knowledge of the following policies, guidelines, and standards to Security Engineering projects and activities:General Policies and GuidanceDCID 6/3: Protecting Sensitive Compartmented Information within Information SystemsIntelligence Community Directive (IC) 503CJCSI 6510.01E: Information Assurance and Network DefenseDoD Information Assurance Certification and Accreditation Requires 8 to 10 years with BS/BA or 6 to 8 years with MS/MA or 3 to 5 years with PhD.Senior Security Engineer - cross-domain engineering3-5 years of experience in certifying IT systems using DIACAP security controls, policy, and risk assessments, to include CONOPS / System Security Authorization Agreement (SSAA) generation and Vulnerability Assessment Testing (VAT) in an IC or DoDIIS environmentWorking knowledge and 1-2 years of experience with the Unified Cross Domain Management Office (UCDMO) baseline list of cross domain systems, to include Radiant Mercury, Raytheon High Speed Guards, ISSE, or equivalent